A type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system's state.

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

A type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system's state.

Explanation:
The idea being tested is detecting intrusions by watching the host itself rather than the network. A host-based IDS runs on the computer being protected and monitors its own internal activity and state—such as logs, running processes, configurations, and file integrity—to spot unusual patterns or changes that could indicate a compromise. It uses baselines or signature/anomaly detection to raise alerts when something looks off, like unexpected process activity or drastic changes to critical system files. This fits best because the description focuses on monitoring the host for unexpected behavior or big changes to the system’s state. Network-based detection looks at traffic between machines, not the host’s internal state. File integrity monitoring is a specific technique often used by host-based systems, but the broader concept here is host-focused monitoring of the system’s behavior. Host-based IPS would emphasize preventing actions in real time, whereas the question centers on detection of unusual activity.

The idea being tested is detecting intrusions by watching the host itself rather than the network. A host-based IDS runs on the computer being protected and monitors its own internal activity and state—such as logs, running processes, configurations, and file integrity—to spot unusual patterns or changes that could indicate a compromise. It uses baselines or signature/anomaly detection to raise alerts when something looks off, like unexpected process activity or drastic changes to critical system files.

This fits best because the description focuses on monitoring the host for unexpected behavior or big changes to the system’s state. Network-based detection looks at traffic between machines, not the host’s internal state. File integrity monitoring is a specific technique often used by host-based systems, but the broader concept here is host-focused monitoring of the system’s behavior. Host-based IPS would emphasize preventing actions in real time, whereas the question centers on detection of unusual activity.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy